Merge tag '1.2' into ppa

CMakeLists.txt

@@ -1,11 +1,14 @@
 cmake_minimum_required(VERSION 2.4)
 project(postsrsd C)
+include(CheckIncludeFile)
 
 option(GENERATE_SRS_SECRET "Generate a random SRS secret if none exists during install" ON)
 option(USE_APPARMOR "Enable AppArmor profile" OFF)
 
 set(CHROOT_DIR "${CMAKE_INSTALL_PREFIX}/lib/${PROJECT_NAME}" CACHE PATH "Chroot jail for daemon")
-set(CONFIG_DIR "/etc/default" CACHE PATH "Location of configuration file")
+set(SYSCONF_DIR "/etc" CACHE PATH "Global system configuration folder")
+set(CONFIG_DIR "${SYSCONF_DIR}/default" CACHE PATH "Location of startup configuration file")
+set(DOC_DIR "share/doc/${PROJECT_NAME}" CACHE PATH "Path for documentation files")
 
 find_program(HELP2MAN help2man DOC "path to help2man executable")
 find_program(DD dd DOC "path to dd executable")
@@ -13,16 +16,36 @@ find_program(BASE64 base64 DOC "path to base64 executable")
 find_program(INSSERV insserv DOC "path to insserv executable")
 find_program(CHKCONFIG chkconfig DOC "path to chkconfig executable")
 
+check_include_file(sys/wait.h HAVE_SYS_WAIT_H)
+if(HAVE_SYS_WAIT_H)
+    add_definitions(-DHAVE_SYS_WAIT_H)
+endif()
+check_include_file(wait.h HAVE_WAIT_H)
+if(HAVE_WAIT_H)
+    add_definitions(-DHAVE_WAIT_H)
+endif()
+check_include_file(sys/time.h HAVE_SYS_TIME_H)
+if(HAVE_SYS_TIME_H)
+    add_definitions(-DHAVE_SYS_TIME_H)
+endif()
+check_include_file(time.h HAVE_TIME_H)
+if(HAVE_TIME_H)
+    add_definitions(-DHAVE_TIME_H)
+endif()
+
 if(NOT DEFINED INIT_FLAVOR)
-    if(IS_DIRECTORY "/etc/init" AND EXISTS "/lib/init/upstart-job")
+	if(IS_DIRECTORY "${SYSCONF_DIR}/systemd" AND EXISTS "/usr/lib/systemd/systemd")
+        message(STATUS "Detected init flavor: systemd")
+        set(INIT_FLAVOR "systemd" CACHE STRING "Init daemon of this system")
+    elseif(IS_DIRECTORY "${SYSCONF_DIR}/init" AND EXISTS "/lib/init/upstart-job")
         message(STATUS "Detected init flavor: upstart")
         set(INIT_FLAVOR "upstart" CACHE STRING "Init daemon of this system")
-    elseif(IS_DIRECTORY "/etc/init.d" AND EXISTS "/lib/lsb/init-functions")
-        message(STATUS "Detected init flavor: sysv-lsb")
-        set(INIT_FLAVOR "sysv-lsb" CACHE STRING "Init daemon of this system")
-    elseif(IS_DIRECTORY "/etc/init.d" AND EXISTS "/etc/init.d/functions")
+    elseif(IS_DIRECTORY "${SYSCONF_DIR}/init.d" AND EXISTS "${SYSCONF_DIR}/init.d/functions")
         message(STATUS "Detected init flavor: sysv-redhat")
         set(INIT_FLAVOR "sysv-redhat" CACHE STRING "Init daemon of this system")
+    elseif(IS_DIRECTORY "${SYSCONF_DIR}/init.d" AND EXISTS "/lib/lsb/init-functions")
+        message(STATUS "Detected init flavor: sysv-lsb")
+        set(INIT_FLAVOR "sysv-lsb" CACHE STRING "Init daemon of this system")
     else()
         message(STATUS "Detected init flavor: none")
         message(STATUS "System startup files will not be installed")
@@ -38,10 +61,13 @@ set(APPARMOR_PROFILE "${CMAKE_INSTALL_PREFIX}/sbin/${POSTSRSD}")
 string(REGEX REPLACE "^/+" "" APPARMOR_PROFILE "${APPARMOR_PROFILE}")
 string(REPLACE "/" "." APPARMOR_PROFILE "${APPARMOR_PROFILE}")
 
-configure_file(${PROJECT_NAME}.lsb_init.in ${PROJECT_NAME}.lsb_init @ONLY)
-configure_file(${PROJECT_NAME}.rh_init.in ${PROJECT_NAME}.rh_init @ONLY)
-configure_file(${PROJECT_NAME}.upstart.in ${PROJECT_NAME}.upstart @ONLY)
-configure_file(${PROJECT_NAME}.apparmor.in ${PROJECT_NAME}.apparmor @ONLY)
+configure_file(init/${PROJECT_NAME}.sysv-lsb.in ${PROJECT_NAME}.sysv-lsb @ONLY)
+configure_file(init/${PROJECT_NAME}.sysv-redhat.in ${PROJECT_NAME}.sysv-redhat @ONLY)
+configure_file(init/${PROJECT_NAME}.upstart.in ${PROJECT_NAME}.upstart @ONLY)
+configure_file(init/${PROJECT_NAME}.apparmor.in ${PROJECT_NAME}.apparmor @ONLY)
+configure_file(init/${PROJECT_NAME}.systemd.in ${PROJECT_NAME}.systemd @ONLY)
+configure_file(init/${PROJECT_NAME}.default.in ${PROJECT_NAME}.default @ONLY)
+
 configure_file(postinstall.cmake.in postinstall.cmake @ONLY)
 
 if(HELP2MAN)
@@ -53,10 +79,10 @@ install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.8 DESTINATION "share/m
 endif()
 
 if(USE_APPARMOR)
-	install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.apparmor DESTINATION "/etc/apparmor.d" RENAME "${APPARMOR_PROFILE}")
+	install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.apparmor DESTINATION "${SYSCONF_DIR}/apparmor.d" RENAME "${APPARMOR_PROFILE}")
 endif()
 
 install(TARGETS ${PROJECT_NAME} DESTINATION "sbin")
-install(FILES README.md main.cf.ex DESTINATION "share/doc/${PROJECT_NAME}")
+install(FILES README.md main.cf.ex DESTINATION "${DOC_DIR}")
 install(SCRIPT "${CMAKE_CURRENT_BINARY_DIR}/postinstall.cmake")
 

README.md

@@ -1,9 +1,16 @@
+PostSRSd
+========
+
 About
-=====
+-----
+
 PostSRSd provides the Sender Rewriting Scheme (SRS) via TCP-based 
 lookup tables for Postfix. SRS is needed if your mail server acts
 as forwarder. 
 
+
+Sender Rewriting Scheme Crash Course
+------------------------------------
 Imagine your server receives a mail from alice@example.com
 that is to be forwarded. If example.com uses the Sender Policy Framework 
 to indicate that all legit mails originate from their server, your 
@@ -12,28 +19,54 @@ on behalf of example.com. The solution is that you map the address to
 your own domain, e.g. 
 SRS0+xxxx=yy=example.com=alice@yourdomain.org (forward SRS). If the
 mail is bounced later and a notification arrives, you can extract the
-original address from the rewritten one (revere SRS) and return the
+original address from the rewritten one (reverse SRS) and return the
 notification to the sender. You might notice that the reverse SRS can
 be abused to turn your server into an open relay. For this reason, xxxx
 and yy are a cryptographic signature and a time stamp. If the signature
 does not match, the address is forged and the mail can be discarded.
 
 Building
-========
+--------
+
 PostSRSd requires a POSIX compatible system and CMake to build. 
 Optionally, help2man is used to create a manual page.
 
 For convenience, a Makefile fragment is provided which calls CMake with
 the recommended command line options. Just run `make`.
 
+Alternatively, you can control many aspects of the build manually:
+
+    mkdir build
+    cd build
+    cmake .. <options>
+    make
+    make install
+
+The CMake script defines a number of options in addition to the
+standard CMake flags. Use `-D<option>=<value>` to override the defaults.
+
+*   `GENERATE_SRS_SECRET` (default: `ON`). Generate a random secret on install.
+*   `USE_APPARMOR` (default: `OFF`): Install an AppArmor profile for the daemon.
+*   `INIT_FLAVOR` (default: auto-detect). Select the appriopriate startup 
+    script type. Must be one of (`upstart`,`sysv-lsb`,`sysv-redhat`) or `none`.
+*   `CHROOT_DIR` (default: `${CMAKE_INSTALL_PREFIX}/lib/postsrsd`). Chroot jail
+    for the daemon.
+*   `SYSCONF_DIR` (default: `/etc`). Location of system configuration files.
+*   `CONFIG_DIR` (default: `${SYSCONF_DIR}/default`). Install destination for
+    the postsrsd settings.
+*   `DOC_DIR` (default: `${CMAKE_INSTALL_PREFIX}/share/doc/postsrsd`). Install
+    destination for documentation files.
+
 Installing
-==========
+----------
+
 Run `make install` as root to install the daemon and the configuration
 files.
 
 Configuration
-=============
-The configuration is located in `/etc/default/postsrsd`. You must store
+-------------
+
+The configuration is located in `/etc/default/postsrsd` by default. You must store
 at least one secret key in `/etc/postsrsd.secret`. The installer tries to generate
 one from `/dev/urandom`. Be careful that no one can guess your secret,
 because anyone who knows it can use your mail server as open relay!

postsrsd.default → init/postsrsd.default.in

@@ -1,7 +1,7 @@
 # Default settings for postsrsd
 
-# Local domain name. 
-# Addresses are rewritten to originate from this domain. The default value 
+# Local domain name.
+# Addresses are rewritten to originate from this domain. The default value
 # is taken from `postconf -h mydomain` and probably okay.
 #
 #SRS_DOMAIN=example.com
@@ -17,7 +17,7 @@
 # When postsrsd is installed for the first time, a random secret is generated
 # and stored in /etc/postsrsd.secret. For most installations, that's just fine.
 #
-#SRS_SECRET=/etc/postsrsd.secret
+SRS_SECRET=@SYSCONF_DIR@/@PROJECT_NAME@.secret
 
 # Local ports for TCP list.
 # These ports are used to bind the TCP list for postfix. If you change
@@ -25,11 +25,14 @@
 # are bound to the loopback interface, and should never be exposed on
 # the internet.
 #
-#SRS_FORWARD_PORT=10001
-#SRS_REVERSE_PORT=10002
+SRS_FORWARD_PORT=10001
+SRS_REVERSE_PORT=10002
 
-# Drop root privileges and run as another user after initialization. 
+# Drop root privileges and run as another user after initialization.
 # This is highly recommended as postsrsd handles untrusted input.
 #
 RUN_AS=nobody
 
+# Jail daemon in chroot environment
+CHROOT=@CHROOT_DIR@
+

init/postsrsd.systemd.in

@@ -0,0 +1,15 @@
+[Unit]
+Description=PostSRSd Daemon
+After=network.target
+
+[Service]
+Type=simple
+Environment SRS_DOMAIN=localhost.localdomain
+Environment SRS_EXCLUDE_DOMAINS=
+EnvironmentFile=@CONFIG_DIR@/@PROJECT_NAME@
+ExecStart=@CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f${SRS_FORWARD_PORT} -r${SRS_REVERSE_PORT} -d${SRS_DOMAIN} -s${SRS_SECRET} -u${RUN_AS} -c${CHROOT} -X${SRS_EXCLUDE_DOMAINS}
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+

postsrsd.lsb_init.in → init/postsrsd.sysv-lsb.in

@@ -20,7 +20,7 @@ NAME=@PROJECT_NAME@
 DESC="Postfix Sender Rewriting Scheme daemon"
 
 PIDFILE=/var/run/$NAME.pid
-SCRIPTNAME=/etc/init.d/$NAME
+SCRIPTNAME=@SYSCONF_DIR@/init.d/$NAME
 
 # Gracefully exit if the package has been removed.
 test -x $DAEMON || exit 0
@@ -29,17 +29,10 @@ test -x $DAEMON || exit 0
 
 # Default configuration
 SRS_DOMAIN=`postconf -h mydomain || true`
-SRS_FORWARD_PORT=10001
-SRS_REVERSE_PORT=10002
-SRS_SECRET=/etc/@PROJECT_NAME@.secret
-RUN_AS=nobody
-CHROOT=@CHROOT_DIR@
+SRS_EXCLUDE_DOMAINS=
 
-# Read config file if it is present.
-if [ -r @CONFIG_DIR@/$NAME ]
-then
-    . @CONFIG_DIR@/$NAME
-fi
+# Read config file
+. @CONFIG_DIR@/$NAME
 
 test -r "$SRS_SECRET" -a -n "$SRS_DOMAIN" || exit 0
 
@@ -51,7 +44,7 @@ case "$1" in
 		--pidfile $PIDFILE \
 		--name $NAME \
 		--startas $DAEMON \
-		-- -4 -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -u"$RUN_AS" -p"$PIDFILE" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
+		-- -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -u"$RUN_AS" -p"$PIDFILE" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
 	then
 	    log_end_msg 0
 	else
@@ -76,8 +69,21 @@ case "$1" in
 	$0 start
 	ret=$?
 	;;
+  status)
+        log_daemon_msg "postsrsd is running"
+        if [ -s $PIDFILE ]; then
+            PID=`cat $PIDFILE`
+            if kill -0 "$PID" 2>/dev/null; then
+                log_end_msg 0
+            else
+                log_end_msg 1
+            fi
+        else
+            log_end_msg 1
+        fi
+        ;;
   *)
-	echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+	echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|status}" >&2
 	exit 1
 	;;
 esac

postsrsd.rh_init.in → init/postsrsd.sysv-redhat.in

@@ -16,33 +16,26 @@ prog=@POSTSRSD@
 DESC="Postfix Sender Rewriting Scheme daemon"
 
 PIDFILE=/var/run/$NAME.pid
-SCRIPTNAME=/etc/init.d/$NAME
+SCRIPTNAME=@SYSCONF_DIR@/init.d/$NAME
 
 # Gracefully exit if the package has been removed.
 test -x $DAEMON || exit 0
 
-. /etc/init.d/functions
+. @SYSCONF_DIR@/init.d/functions
 
 # Default configuration
 SRS_DOMAIN=`postconf -h mydomain || true`
-SRS_FORWARD_PORT=10001
-SRS_REVERSE_PORT=10002
-SRS_SECRET=/etc/@PROJECT_NAME@.secret
-RUN_AS=nobody
-CHROOT=@CHROOT_DIR@
+SRS_EXCLUDE_DOMAINS=
 
-# Read config file if it is present.
-if [ -r @CONFIG_DIR@/$NAME ]
-then
-    . @CONFIG_DIR@/$NAME
-fi
+# Read config file
+. @CONFIG_DIR@/$NAME
 
 test -r "$SRS_SECRET" -a -n "$SRS_DOMAIN" || exit 0
 
 do_start()
 {
 	echo -n "Starting $DESC: "
-	daemon $DAEMON -4 -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" \
+	daemon $DAEMON -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" \
 	               -u"$RUN_AS" -p"$PIDFILE" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
 	RETVAL=$?
 	echo

init/postsrsd.upstart.in

@@ -0,0 +1,14 @@
+description "Postfix Sender Rewriting Scheme daemon"
+author "Timo Röhling <timo.roehling@gmx.de>"
+
+start on (filesystem and net-device-up)
+stop on runlevel [!2345]
+respawn
+
+script
+	SRS_DOMAIN=`postconf -h mydomain || true`
+	SRS_EXCLUDE_DOMAINS=
+	. "@CONFIG_DIR@/@PROJECT_NAME@"
+	exec @CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -u"$RUN_AS" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS"
+end script
+

makefile

@@ -6,6 +6,5 @@ clean distclean:
 
 build/Makefile: CMakeLists.txt
 	mkdir -p build
-	cd build && cmake .. -DCMAKE_BUILD_TYPE=Release
+	cd build && cmake .. -DCMAKE_BUILD_TYPE=Release $(addprefix -DINIT_FLAVOR=,$(INIT_FLAVOR)) -DCMAKE_C_FLAGS="$(CFLAGS)" $(addprefix -DCMAKE_C_COMPILER=,$(CC))
 
-	

postinstall.cmake.in

@@ -1,4 +1,5 @@
 set(GENERATE_SRS_SECRET "@GENERATE_SRS_SECRET@")
+set(SYSCONF_DIR "@SYSCONF_DIR@")
 set(CHROOT_DIR "@CHROOT_DIR@")
 set(CONFIG_DIR "@CONFIG_DIR@")
 set(INIT_FLAVOR "@INIT_FLAVOR@")
@@ -14,28 +15,30 @@ if(CHROOT_DIR AND NOT EXISTS "$ENV{DESTDIR}${CHROOT_DIR}")
 endif()
 
 if(INIT_FLAVOR AND NOT EXISTS "$ENV{DESTDIR}${CONFIG_DIR}/@PROJECT_NAME@")
-	file(INSTALL FILES "@CMAKE_CURRENT_SOURCE_DIR@/@PROJECT_NAME@.default" DESTINATION "${CONFIG_DIR}" RENAME "@PROJECT_NAME@")
+	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.default" DESTINATION "${CONFIG_DIR}" RENAME "@PROJECT_NAME@")
 endif()
 
 if(INIT_FLAVOR STREQUAL "sysv-lsb")
-	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.lsb_init" TYPE PROGRAM DESTINATION "/etc/init.d" RENAME "@PROJECT_NAME@")
+	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.sysv-lsb" TYPE PROGRAM DESTINATION "${SYSCONF_DIR}/init.d" RENAME "@PROJECT_NAME@")
 	if(INSSERV)
 		execute_process(
-			COMMAND ${INSSERV} -p "$ENV{DESTDIR}/etc/init.d" @PROJECT_NAME@
+			COMMAND ${INSSERV} -p "$ENV{DESTDIR}${SYSCONF_DIR}/init.d" @PROJECT_NAME@
 		)
 	endif()
 elseif(INIT_FLAVOR STREQUAL "sysv-redhat")
-	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.rh_init" TYPE PROGRAM DESTINATION "/etc/init.d" RENAME "@PROJECT_NAME@")
+	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.sysv-redhat" TYPE PROGRAM DESTINATION "${SYSCONF_DIR}/init.d" RENAME "@PROJECT_NAME@")
 	if(CHKCONFIG AND NOT "$ENV{DESTDIR}")
 		execute_process(
 			COMMAND ${CHKCONFIG} --add @PROJECT_NAME@
 		)
 	endif()
 elseif(INIT_FLAVOR STREQUAL "upstart")
-	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.upstart" DESTINATION "/etc/init" RENAME "@PROJECT_NAME@.conf")
+	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.upstart" DESTINATION "${SYSCONF_DIR}/init" RENAME "@PROJECT_NAME@.conf")
+elseif(INIT_FLAVOR STREQUAL "systemd")
+	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.systemd" DESTINATION "${SYSCONF_DIR}/systemd/system" RENAME "@PROJECT_NAME@.service")
 endif()
 
-if(GENERATE_SRS_SECRET AND DD AND BASE64 AND EXISTS "/dev/urandom" AND NOT EXISTS "$ENV{DESTDIR}/etc/${SECRET_FILE}")
+if(GENERATE_SRS_SECRET AND DD AND BASE64 AND EXISTS "/dev/urandom" AND NOT EXISTS "$ENV{DESTDIR}${SYSCONF_DIR}/${SECRET_FILE}")
 	message(STATUS "Generating secret key")
 	execute_process(
 		COMMAND ${DD} if=/dev/urandom bs=18 count=1
@@ -44,6 +47,7 @@ if(GENERATE_SRS_SECRET AND DD AND BASE64 AND EXISTS "/dev/urandom" AND NOT EXIST
 		ERROR_QUIET
 		OUTPUT_STRIP_TRAILING_WHITESPACE
 	)
-file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/${SECRET_FILE}" DESTINATION "/etc" RENAME "${SECRET_FILE}" FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
+file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/${SECRET_FILE}" DESTINATION "${SYSCONF_DIR}" RENAME "${SECRET_FILE}" PERMISSIONS OWNER_READ OWNER_WRITE)
 file(REMOVE "@CMAKE_CURRENT_BINARY_DIR@/${SECRET_FILE}")
 endif()
+

postsrsd.c

@@ -28,11 +28,22 @@
 #include <pwd.h>
 #include <string.h>
 #include <poll.h>
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_WAIT_H
 #include <wait.h>
+#endif
 #include <syslog.h>
 
 #ifndef VERSION
-#define VERSION "1.1"
+#define VERSION "1.2"
 #endif
 
 static char *self = NULL;
@@ -171,7 +182,7 @@ static void handle_forward (srs_t *srs, FILE *fp, const char *address, const cha
   fflush (fp);
 }
 
-static void handle_reverse (srs_t *srs, FILE *fp, const char *address, const char *domain, const char **excludes)
+static void handle_reverse (srs_t *srs, FILE *fp, const char *address, const char *domain __attribute__((unused)), const char **excludes __attribute__((unused)) )
 {
   int result;
   char value[1024];
@@ -180,7 +191,7 @@ static void handle_reverse (srs_t *srs, FILE *fp, const char *address, const cha
   if (result == SRS_SUCCESS) {
     output = url_encode(outputbuf, sizeof(outputbuf), value);
     fprintf (fp, "200 %s\n", output);
-    syslog (LOG_MAIL | LOG_INFO, "srs_reverse: <%s> rewritten as <%s>", address, value); 
+    syslog (LOG_MAIL | LOG_INFO, "srs_reverse: <%s> rewritten as <%s>", address, value);
   } else {
     fprintf (fp, "500 %s\n", srs_strerror(result));
     if (result != SRS_ENOTREWRITTEN && result != SRS_ENOTSRSADDRESS)
@@ -224,7 +235,7 @@ typedef void(*handle_t)(srs_t*, FILE*, const char*, const char*, const char**);
 
 int main (int argc, char **argv)
 {
-  int opt, timeout = 1800, family = AF_UNSPEC;
+  int opt, timeout = 1800, family = AF_INET;
   int daemonize = FALSE;
   char *forward_service = NULL, *reverse_service = NULL,
        *user = NULL, *domain = NULL, *chroot_dir = NULL;
@@ -234,6 +245,7 @@ int main (int argc, char **argv)
   struct passwd *pwd = NULL;
   char secretbuf[1024], *secret = NULL;
   char *tmp;
+  time_t now;
   srs_t *srs;
   struct pollfd fds[3];
   const char **excludes;
@@ -328,7 +340,6 @@ int main (int argc, char **argv)
   }
   /* Read secret. The default installation makes this root accessible only. */
   if (secret_file != NULL) {
-    size_t len;
     sf = fopen(secret_file, "rb");
     if (sf == NULL) {
       fprintf (stderr, "%s: Cannot open file with secret: %s\n", self, secret_file);
@@ -356,6 +367,9 @@ int main (int argc, char **argv)
 
   /* Open syslog now (NDELAY), because it may no longer reachable from chroot */
   openlog (self, LOG_PID | LOG_NDELAY, LOG_MAIL);
+  /* Force loading of timezone info (suggested by patrickdk77) */
+  now = time(NULL);
+  localtime (&now);
   /* We also have to lookup the uid of the unprivileged user for the same reason. */
   if (user) {
     errno = 0;
@@ -420,6 +434,8 @@ int main (int argc, char **argv)
     char keybuf[1024], *key;
 
     if (poll(fds, 2, 1000) < 0) {
+      if (errno == EINTR)
+        continue;
       if (daemonize)
         syslog (LOG_MAIL | LOG_ERR, "Poll failure: %s", strerror(errno));
       else
@@ -431,6 +447,10 @@ int main (int argc, char **argv)
         conn = accept(fds[i].fd, NULL, NULL);
         if (conn < 0) continue;
         if (fork() == 0) {
+          // close listen sockets so that we don't stop the main daemon process from restarting
+          close(forward_sock);
+          close(reverse_sock);
+
           fp = fdopen(conn, "r+");
           if (fp == NULL) exit(EXIT_FAILURE);
           fds[2].fd = conn;
@@ -438,20 +458,24 @@ int main (int argc, char **argv)
           if (poll(&fds[2], 1, timeout * 1000) <= 0) return EXIT_FAILURE;
           line = fgets(linebuf, sizeof(linebuf), fp);
           while (line) {
+            fseek (fp, 0, SEEK_CUR); /* Workaround for Solaris */
             char* token;
             token = strtok(line, " \r\n");
             if (token == NULL || strcmp(token, "get") != 0) {
               fprintf (fp, "500 Invalid request\n");
+              fflush (fp);
               return EXIT_FAILURE;
             }
             token = strtok(NULL, "\r\n");
             if (!token) {
               fprintf (fp, "500 Invalid request\n");
+              fflush (fp);
               return EXIT_FAILURE;
             }
             key = url_decode(keybuf, sizeof(keybuf), token);
             if (!key) break;
             handler[i](srs, fp, key, domain, excludes);
+            fflush (fp);
             if (poll(&fds[2], 1, timeout * 1000) <= 0) break;
             line = fgets(linebuf, sizeof(linebuf), fp);
           }

postsrsd.upstart.in

@@ -1,23 +0,0 @@
-description "Postfix Sender Rewriting Scheme daemon"
-author "Timo Röhling <timo.roehling@gmx.de>"
-
-start on (filesystem and net-device-up)
-stop on runlevel [!2345]
-respawn
-
-env DEFAULTFILE=@CONFIG_DIR@/@PROJECT_NAME@
-
-script
-	SRS_DOMAIN=`postconf -h mydomain || true`
-	SRS_FORWARD_PORT=10001
-	SRS_REVERSE_PORT=10002
-	SRS_SECRET=/etc/@PROJECT_NAME@.secret
-	SRS_EXCLUDE_DOMAINS=
-	RUN_AS=nobody
-	CHROOT=@CHROOT_DIR@
-	if [ -r "$DEFAULTFILE" ]; then
-		. "$DEFAULTFILE"
-	fi
-	exec @CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -4 -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -u"$RUN_AS" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS"
-end script
-

sha1.c

@@ -334,19 +334,19 @@ sha_final(unsigned char digest[20], SHA_INFO *sha_info)
 */
 
 static void
-sha_digest(char *out, char *data, int len)
+sha_digest(char *out, char *data, unsigned len)
 {
 	SHA_INFO ctx;
 	sha_init(&ctx);
-	sha_update(&ctx, data, len);
-	sha_final(out, &ctx);
+	sha_update(&ctx, (sha_byte*)data, len);
+	sha_final((sha_byte*)out, &ctx);
 }
 
 void
-srs_hmac_init(srs_hmac_ctx_t *ctx, char *secret, int len)
+srs_hmac_init(srs_hmac_ctx_t *ctx, char *secret, unsigned len)
 {
 	char	 sbuf[SHA_BLOCKSIZE];
-	int		 i;
+	unsigned		 i;
 
 	if (len > SHA_BLOCKSIZE) {
 		sha_digest(sbuf, secret, len);
@@ -364,23 +364,23 @@ srs_hmac_init(srs_hmac_ctx_t *ctx, char *secret, int len)
 	memset(sbuf, 0, SHA_BLOCKSIZE);
 
 	sha_init(&ctx->sctx);
-	sha_update(&ctx->sctx, ctx->ipad, SHA_BLOCKSIZE);
+	sha_update(&ctx->sctx, (sha_byte*)ctx->ipad, SHA_BLOCKSIZE);
 }
 
 void
-srs_hmac_update(srs_hmac_ctx_t *ctx, char *data, int len)
+srs_hmac_update(srs_hmac_ctx_t *ctx, char *data, unsigned len)
 {
-	sha_update(&ctx->sctx, data, len);
+	sha_update(&ctx->sctx, (sha_byte*)data, len);
 }
 
 void
 srs_hmac_fini(srs_hmac_ctx_t *ctx, char *out)
 {
-	char	 buf[SHA_DIGESTSIZE + 1];
+	sha_byte buf[SHA_DIGESTSIZE + 1];
 
 	sha_final(buf, &ctx->sctx);
 	sha_init(&ctx->sctx);
-	sha_update(&ctx->sctx, ctx->opad, SHA_BLOCKSIZE);
+	sha_update(&ctx->sctx, (sha_byte*)ctx->opad, SHA_BLOCKSIZE);
 	sha_update(&ctx->sctx, buf, SHA_DIGESTSIZE);
-	sha_final(out, &ctx->sctx);
+	sha_final((sha_byte*)out, &ctx->sctx);
 }

srs2.c

@@ -55,7 +55,7 @@ static srs_malloc_t		srs_f_malloc	= malloc;
 static srs_realloc_t	srs_f_realloc	= realloc;
 static srs_free_t		srs_f_free		= free;
 
-int		
+int
 srs_set_malloc(srs_malloc_t m, srs_realloc_t r, srs_free_t f)
 {
 	srs_f_malloc = m;
@@ -145,7 +145,7 @@ srs_free(srs_t *srs)
 	for (i = 0; i < srs->numsecrets; i++) {
 		memset(srs->secrets[i], 0, strlen(srs->secrets[i]));
 		srs_f_free(srs->secrets[i]);
-		srs->secrets[i] = '\0';
+		srs->secrets[i] = 0;
 	}
 	srs_f_free(srs);
 }
@@ -212,7 +212,7 @@ const char *SRS_TIME_BASECHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
 #define SRS_TIME_SLOTS		(1<<(SRS_TIME_BASEBITS<<(SRS_TIME_SIZE-1)))
 
 int
-srs_timestamp_create(srs_t *srs, char *buf, time_t now)
+srs_timestamp_create(srs_t *srs __attribute__((unused)), char *buf, time_t now)
 {
 	now = now / SRS_TIME_PRECISION;
 	buf[1] = SRS_TIME_BASECHARS[now & ((1 << SRS_TIME_BASEBITS) - 1)];
@@ -507,7 +507,7 @@ srs_compile_guarded(srs_t *srs,
 }
 
 int
-srs_parse_shortcut(srs_t *srs, char *buf, int buflen, char *senduser)
+srs_parse_shortcut(srs_t *srs, char *buf, unsigned buflen, char *senduser)
 {
 	char	*srshash;
 	char	*srsstamp;
@@ -538,7 +538,7 @@ srs_parse_shortcut(srs_t *srs, char *buf, int buflen, char *senduser)
 						srshost, srsuser);
 		if (ret != SRS_SUCCESS)
 			return ret;
-		sprintf(buf, "%s@%s", srsuser, srshost);
+		snprintf(buf, buflen, "%s@%s", srsuser, srshost);
 		return SRS_SUCCESS;
 	}
 
@@ -577,13 +577,13 @@ srs_parse_guarded(srs_t *srs, char *buf, int buflen, char *senduser)
 }
 
 int
-srs_forward(srs_t *srs, char *buf, int buflen,
+srs_forward(srs_t *srs, char *buf, unsigned buflen,
 				const char *sender, const char *alias)
 {
 	char	*senduser;
 	char	*sendhost;
 	char	*tmp;
-	int		 len;
+	unsigned		 len;
 
 	if (srs->noforward)
 		return SRS_ENOTREWRITTEN;
@@ -619,7 +619,7 @@ srs_forward(srs_t *srs, char *buf, int buflen,
 					sendhost, senduser, alias);
 }
 
-int		
+int
 srs_forward_alloc(srs_t *srs, char **sptr,
 				const char *sender, const char *alias)
 {
@@ -650,11 +650,11 @@ srs_forward_alloc(srs_t *srs, char **sptr,
 }
 
 int
-srs_reverse(srs_t *srs, char *buf, int buflen, const char *sender)
+srs_reverse(srs_t *srs, char *buf, unsigned buflen, const char *sender)
 {
 	char	*senduser;
 	char	*tmp;
-	int		 len;
+	unsigned		 len;
 
 	if (!SRS_IS_SRS_ADDRESS(sender))
 		return SRS_ENOTSRSADDRESS;

srs2.h

@@ -20,6 +20,10 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <ctype.h>
+#ifdef __APPLE__
+    #include <sys/types.h>
+#endif
+
 
 #ifndef __BEGIN_DECLS
 #define __BEGIN_DECLS
@@ -118,11 +122,11 @@ int		 srs_set_malloc(srs_malloc_t m, srs_realloc_t r, srs_free_t f);
 srs_t	*srs_new();
 void	 srs_init(srs_t *srs);
 void	 srs_free(srs_t *srs);
-int		 srs_forward(srs_t *srs, char *buf, int buflen,
+int		 srs_forward(srs_t *srs, char *buf, unsigned buflen,
 				const char *sender, const char *alias);
 int		 srs_forward_alloc(srs_t *srs, char **sptr,
 				const char *sender, const char *alias);
-int		 srs_reverse(srs_t *srs, char *buf, int buflen,
+int		 srs_reverse(srs_t *srs, char *buf, unsigned buflen,
 				const char *sender);
 int		 srs_reverse_alloc(srs_t *srs, char **sptr, const char *sender);
 const char *
@@ -168,8 +172,8 @@ struct _srs_hmac_ctx_t {
 	char		opad[SHA_BLOCKSIZE + 1];
 } srs_hmac_ctx_t;
 
-void	 srs_hmac_init(srs_hmac_ctx_t *ctx, char *secret, int len);
-void	 srs_hmac_update(srs_hmac_ctx_t *ctx, char *data, int len);
+void	 srs_hmac_init(srs_hmac_ctx_t *ctx, char *secret, unsigned len);
+void	 srs_hmac_update(srs_hmac_ctx_t *ctx, char *data, unsigned len);
 void	 srs_hmac_fini(srs_hmac_ctx_t *ctx, char *out);